SlideShare ist ein Scribd-Unternehmen logo
1 von 129
Beyond Benchmarking:
 How Should Law and
Corporate Compliance
     Intersect?

        MICHELE DESTEFANO
   FOUNDER, LAWWITHOUTWALLS
Associate Professor of Law, MiamiLaw

  Program on the Legal Profession
        13 November 2012
Corporations Around the Globe
             Are Facing a HUGE challenge




11/14/2012              DeStefano            3
Despite the current freeze
               on legal expenditure
                   corporations
                   are having to
                       invest
                     HEAVILY
                  in compliance
                         ...


11/14/2012             DeStefano          4
. . . in managing the legal risk of business




11/14/2012            DeStefano                  5
Questions?Questions?Questions?

  Where does legal      How Is Compliance
 end and compliance      Managed and by
       start?                Whom?
                Who Should
                    be
                Responsible
                    for
               Compliance?
And What about Ethics and Corporate Culture?
 11/14/2012         DeStefano               6
In large publicly traded corporations,
                      *historically*
              the compliance department
           was part of the legal department
                            ...
                Overseen or even run by
                  the chief legal officer
                            ...


11/14/2012               DeStefano                7
In many respects,
                   this is
                 still true
                   today




11/14/2012         DeStefano     8
Many corporate practices, and mandates put
   compliance in the hands of lawyers . . .




11/14/2012         DeStefano              9
Practice/Mandates/Guidelines
 ABA Task Force on              46% of ACCA survey
      Corporate
   Responsibility                 respondents claim
 recommended that               that Compliance was
  general counsels               ultimately overseen
 oversee compliance
(with direct oversight           by the GC or the GC
    by the Board)                 serves as the CCO


             MR 1.13 and SOX §307 puts the GC
             in role of whistle blower/gatekeeper
11/14/2012                 DeStefano                   10
Recently, this has begun to . . .




11/14/2012       DeStefano             11
Although the government
         (e.g., OIG of the SEC and the DHHS)
                         does not
                        *require*
                    that corporations
                         separate
          the compliance and legal functions
                            ...


11/14/2012              DeStefano              12
...
               their
             unofficial
              stance
                 is
               that
               they
             *should*


11/14/2012     DeStefano   13
Indeed,
              the SEC and the DHHS
             have forced corporations
               that have misbehaved
                       to do
                        just
                        that
                         ...


11/14/2012            DeStefano         14
To develop
                        distinct
              Compliance Departments
                          And
                       designate
             a Chief Compliance Officer
       *that does NOT report to the GC/CLO*
                     and that has
                    direct access
                    to the Board
11/14/2012            DeStefano               15
Consider
                 the
             following
               Four
             examples




11/14/2012     DeStefano   16
2004 – Medicaid Pricing Fraud




11/14/2012   DeStefano       17
In its Corporate Integrity Agreement (CIA),
            Schering-Plough had to
                  pay $293M,
               establish a hotline,
    revise corporate conduct code/training
                       and
                designate a CCO
   to report directly to the CEO or President
               *and NOT the GC*
         with direct access to the Board
11/14/2012           DeStefano              18
2004 – Fraudulent Revenue Projection




 11/14/2012     DeStefano        19
In settlement,
                      Quest
                    agreed to
                  pay $250M,
                       and
             create a CCO position
                   that would
                *report directly*
                   to the CEO
               with direct access
                  to the Board
11/14/2012           DeStefano       20
2009 – Illegal Promotion of Drug Uses




 11/14/2012     DeStefano         21
Pfizer paid $2.3 BILLION,
                     plead guilty to a
               felony criminal violation,
                and signed a 5-year CIA
                        mandating
                 that it create a hotline,
                   heighten training,
                  And designate a CCO
                    that would not be
              subordinate to the GC/CLO
             and would have direct access
                       to the Board
11/14/2012               DeStefano           22
2010 – Insider Trading Investigation




11/14/2012     DeStefano          23
To appease,
                the SEC created
                    a “real”
                  and singular
             compliance department
                 with oversight
                     by one
                designated CCO



11/14/2012           DeStefano       24
In Sum, the reaction by the DDHS
           and SEC has been to




11/14/2012        DeStefano         25
To emphasize
                the structure,
                management,
                  policies,
                and programs
             around compliance




11/14/2012         DeStefano     26
To demand
                    that
                 malfeasant
                corporations
                  separate
                compliance
                  from the
             legal department,



11/14/2012         DeStefano     27
Designate a CCO
                   that is
                 not also
                  the GC
                    and
                 does not
                 report to
                  the GC



11/14/2012        DeStefano    28
And
               that has
             direct access
                to the
                Board
                  Of
               Directors




11/14/2012      DeStefano    29
This Reaction is Consistent with
 Recent Laws and Recommendations
    SECs Compliance           Federal Sentencing
  Rule 2004 requiring         Guidelines defining
  each SEC registered         what is an effective
       investment            compliance program
  company/advisor to         and providing extra
   designate a CCO to      credit for corporations
  oversee compliance       that designate separate
 and report directly to        CCOs with direct
        the Board           reporting to the board
Guidelines by Professional Associations (OIG/ILA)
             recommending the same
  11/14/2012           DeStefano                30
And more and more corporations
          seem to be following suit




11/14/2012         DeStefano        31
Over the past few years,
                    in the wake
              of corporate scandals
               that span industries
                   e.g., pharma,
                     insurance,
                financial services,
                    health care,
               consumer products,

11/14/2012            DeStefano         32
There
              appears
               to be
                an
             emerging
               trend




11/14/2012     DeStefano   33
to separate
                         the
               compliance function
                        from
               the legal department
                    and create
                         new
                      distinct
             compliance departments

11/14/2012           DeStefano        34
compliance departments
                       largely led
                    and comprised of
                      non-lawyers
                           and
                 non-practicing lawyers
             that report directly to the CEO
                           and
                    have direct access
                      to the board
11/14/2012                DeStefano            35
Why and Should This Be So?
             Why Have Organizations
              Adopted this new stance
                       on the
             organizational structure of
                   compliance?

                         AND

               Is this Best Practice?
11/14/2012            DeStefano            36
Questions?Questions?Questions?

                Do Inhouse Lawyers
                  - when they work
             in the legal department -
                  somehow impair
              ethics and compliance?




11/14/2012             DeStefano         37
Questions?Questions?Questions?

                  Are lawyers
             – acting as lawyers –
             less able to prevent,
                    uncover,
                   and stop
                 malfeasance?




11/14/2012            DeStefano      38
Questions?Questions?Questions?
               Does taking compliance
                   out of the hands
                of practicing lawyers
                        create
              the type of change that is
                        needed
                to ensure a culture of
                    compliance?

 Or are these new compliance departments
     just a formal solution to appease?
 11/14/2012             DeStefano          39
“ A number of the early mover companies
    that created compliance departments did
    so as part of resolving a major mishap or
       high profile problem -- so it was not
     necessarily a best practice. But after a
    number of major companies have done it
    over the years, it starts to look like a best
   practice. Once in that position, it becomes
     hard for a major corporation to explain
        why they don't need a compliance
              department.” (FGC-2)
11/14/2012            DeStefano                 40
Purpose: Explore 3 Questions

  (i) What is “compliance”?
 (ii) How is it managed, where is it
   currently housed in large, publicly
   traded corporations and why
 (iii) Who Should Oversee Compliance:
      What are the risks and benefits of having a
       distinct compliance function run by non-
       lawyers (or non-practicing lawyers) that
       report to the CEO/Board?
11/14/2012               DeStefano                  41
Research Methodology
Stage 1
• 2007 - completed before meltdown
• 40 brief interviews (avg. 8 min) with
  General Counsels of S&P 500 corps in
  banking, pharmaceutical, & petroleum




11/14/2012          DeStefano             42
Research Methodology
Stage 2
• 2010-present
• 30-40 in-depth interviews (avg 60 min)
  with General Counsels and Chief
  Compliance Officers of large, publicly
  traded corporations
• 6 industries: Pharmaceutical, Energy,
  Healthcare, Consumer Products, Financial
  Services, and Misc

11/14/2012         DeStefano             43
Research Methodology
Stage 2 Goals:
1. 30-40 interviews comprising of 2 to 3
   companies per industry
2. 1 ex-GC in each industry
3. 1 lower level compliance manager in each
   industry
4. 1 to 2 nonpublic companies (GC and CCO)
5. 1 senior manager that works or used to
   work in compliance at the SEC, OIG
6. 1 to 2 compliance consultants/activists
11/14/2012           DeStefano            44
Caveats
1. Sample size is very very low
2. Still in the process of coding some
   interviews
3. This study is not comprised of a random
   sample and is based on self-reports by
   senior executives which arguably have
   certain stories to tell



11/14/2012         DeStefano                 45
Key Findings to Date: Stage 2
   Who Oversees Compliance?
 • GCs had ultimate responsibility for the
   compliance function for the majority of
   corporations interviewed

     – But the Compliance Department is
       considered distinct from the Legal
       Department

     – And the CCO has a dotted line to Board
11/14/2012             DeStefano                46
Key Findings to Date: Stage 2
   Who Oversees Compliance?
 • Where GC/CLO did not have ultimate
   oversight, generally compliance was
   overseen by a former in-house lawyer,
   often the deputy general counsel, that
   reports to the CEO with access to the
   board




11/14/2012          DeStefano               47
Key Findings to Date: Stage 2
   Who Oversees Compliance?
 • Compliance Departments are made up of
   a lot of lawyers




11/14/2012        DeStefano                48
Key Findings To Date:
    Role of the CCO vs the GC?




11/14/2012    DeStefano      49
Problem often faced
                      by the CCO
             is the giving of legal advice
                           ...
                    Hard not to do
                       given the
                  nature and scope
                       of the job
                and that often the CCO
                      was trained
                      as a lawyer

11/14/2012              DeStefano            50
Role of the CCO vs the GC?
      Consensus Similarity
         Legal and Compliance Departments
                        rely on
                  legal expertise and
                 have a shared goal
               to increase compliance
                     with the law



11/14/2012            DeStefano             51
Role of the CCO vs the GC?
     Consensus Distinction
                The CCO focuses on
       1) building policies and procedures;
             2) monitoring adherence;
     3) training and educating employees on
       specific regulatory obligations; and,
       4) testing employees on adherence.



11/14/2012            DeStefano                52
Role of the CCO vs the GC?
  Claimed Distinction 1
    Compliance Officers (vs. GC)
              care about
       preventing misconduct,
         neutral fact finding,
acting in the interest of stakeholders,
      uncovering misconduct,
              ethics, and
                culture
                                          53
Role of the CCO vs the GC?
  Claimed Distinction 2
        Compliance Officers
have different reporting obligations,
      aren‟t acting as lawyers,
                 and
            can‟t garner
attorney-client privilege protection



                                        54
Role of the CCO vs the GC?
  Claimed Distinction 3
       Compliance requires
     management know-how in
             training,
           HR matters,
        communications,
             auditing,
      and internal controls ,
         While legal work
             Requires
        training in the law
                                55
Role of the CCO vs the GC?
  Claimed Distinction 4
             Lawyers
      tell you what the law
                says
     and are concerned with
        legal liability and
      vigorously defending
         the corporation
            at all costs
                              56
Role of the CCO vs the GC?
  Claimed Distinction 5
           The lawyers
      tell you whether you
               can
         do something,
        and compliance
     tells you whether you
             should

                             57
Role of the CCO vs the GC?
       Typical Quote

“The General Counsel‟s job is . . . to advise
[the company and senior managers] of the
legal risks but not initiate the conversation
    over what is the right thing to do –
          the General Counsel‟s job
          is more black and white.”


                                            58
But
             these distinctions
                   appear
                    to be
                    a bit
                 artificial




11/14/2012         DeStefano      59
If you have a broad view
               of the role of the GC;
                    If you believe
                    (as many do)
                  that the GC has
                   or should have
                 some gatekeeping
                  responsibilities


11/14/2012            DeStefano         60
If you think
                         The GC
                      should play
                 the role of counselor
                      in charge of
                   corporate culture
                       and ethics
             and the corporate conscience
                           ...

11/14/2012              DeStefano           61
Then
                these
             distinctions
                 are
                   a
                  bit
              artificial




11/14/2012      DeStefano   62
Many GC interviewees saw these
     distinctions in reverse




11/14/2012     DeStefano          63
They claimed
                    that the GC
             (as opposed to the CCO)
                    is in charge
                    of the ethics
              and corporate culture
                and that the CCOs
                  can sometimes
                be seen as just . . .

11/14/2012            DeStefano         64
Traffic Cops




11/14/2012       DeStefano   65
So
                    Perhaps
                     it is the
             philosophy of the role
                  that matters
                       more
                       than
                    the titles
              and segmentations

11/14/2012           DeStefano        66
A Typology of Roles:
             Not All CCOs are Alike




11/14/2012            DeStefano       67
Automatan




11/14/2012      DeStefano   68
Investigator




11/14/2012       DeStefano   69
Mark Wahlberg: The Departed




11/14/2012   DeStefano    70
Spy




11/14/2012   DeStefano   71
Counselor




11/14/2012      DeStefano   72
Counselor
“I like to play the business card game with my CEO.
Whenever there is a tough conversation around
ethics and compliance and the law, I ask my CEO to
take out his business card. I point out, as we look
at the cards, that his card says „president, CEO, and
chairman.” My card says „VP, GC, and counsel.” I
explain that want to concentrate on the counsel
part. My card gives me the right to counsel you and
you can disregard it. But I get to say I told you so . .
.”


 11/14/2012               DeStefano                    73
Involved Parent




11/14/2012        DeStefano    74
Business Bottom Liner




11/14/2012            DeStefano      75
Scarecrow




11/14/2012      DeStefano   76
Which Way Do We Go?




11/14/2012           DeStefano     77
“Throughout the organization, we don‟t have
  someone named as a compliance officer –
  meaning that, if one person is in charge of
 compliance, nobody else has to worry about
     it.” (GC large petroleum company)




11/14/2012          DeStefano               78
Given that
              there are so
             many different
              archetypes,
                perhaps
                the right
               Question
                   is:



11/14/2012       DeStefano    79
What
                are the
                  risks
                  and
                benefits
               of having
                the two
              Segregated
             departments?

11/14/2012      DeStefano   80
Does
               segregation,
             in and of itself
             create specific
                 negative
              repercussions
                    or
                 positive
             consequences?

11/14/2012        DeStefano     81
Risks if Combined:
             Conflict of Interest




11/14/2012           DeStefano      82
Risks if Combined:
              Shield of Secrecy




11/14/2012          DeStefano     83
Risks if Separate: Turf Wars




11/14/2012     DeStefano          84
Risks if Separate: Inefficiencies




11/14/2012       DeStefano             85
Risks if Separate: Communication
Issues & Loss of Shared Learnings




11/14/2012    DeStefano         86
Unidentified Risks if Separate:
    Revival of the Legal Technician




11/14/2012       DeStefano            87
Unidentified Risks if Separate:
     Decrease in Gatekeeping &
          Counselor Role




11/14/2012       DeStefano            88
Unidentified Risks if Separate:
      Increase in Information
  Protected by the Attorney-Client
              Privilege




11/14/2012      DeStefano            89
Unidentified Risks if Separate:
         Terminator CCOs




11/14/2012       DeStefano            90
Unidentified Risks if Separate:
         Increase in the UPL




11/14/2012       DeStefano            91
Unidentified Risks if Separate:
         Increase in the UPL

 “There is no such thing as a non-practicing
 lawyer – purely practical – if you are a lawyer
 you are a lawyer doesn‟t matter if licensed to
 practice law or not – people look at you as a
 lawyer and rely on you as it to dispense legal
 advice despite of title . . and therefore in my view
 I‟m a GC of company if one my lawyers screws up
 – I‟m responsible - - I can‟t say that‟s lawyer in
 compliance and I get by . . I think its functionally
 wrong . . but reasonable people can differ”
11/14/2012              DeStefano                       92
Unidentified Risks if Separate:
    Rise of the Law Consultant not
         bound by the MRPC




11/14/2012       DeStefano            93
Unidentified Risks if Separate:
 Just Another Risk to be Managed




11/14/2012     DeStefano        94
Unidentified Risks if Separate:
     Increase in Strict Liability?




11/14/2012       DeStefano            95
Unidentified Risks if Separate:
        Just a Copy-Cat Move




11/14/2012       DeStefano            96
But the only way
                  to determine
              who should oversee
                   compliance
                  and whether
                the departments
             should be segregated,
                      is to
               agree on what are
                 the objectives
                       ...

11/14/2012           DeStefano       97
Are the objectives
                to increase
             the corporation‟s
               Compliance
                  with the
                    rule
                      of
                    law?



11/14/2012         DeStefano      98
Are the objectives
                 to increase
             the corporation‟s
                 normative
                commitment
                       to
                compliance?
              i.e., to establish
                   a culture
              of compliance?

11/14/2012         DeStefano       99
Or are
                    the objectives
                     to enhance
                  the expectations
               society has of lawyers
                    and their role
                   as gatekeepers,
                     counselors,
        keepers of the corporate conscience?

11/14/2012             DeStefano               100
Arguably, the current
   trend/mandate applauds
form over function and fails to
           deliver




11/14/2012   DeStefano        101
Although
                     it is true
                that the SEC has
                     claimed
                       it will
                 assess whether
                   a company
                       has a
             “culture of compliance”

11/14/2012            DeStefano        102
Recent
                  Mandates
                     by
              the government
             including the SEC
                     do
                not appear to
               to be doing so.
             They do NOT even
                  consider

11/14/2012         DeStefano     103
The Importance of Collaboration
  to Effective Compliance & Culture




11/14/2012      DeStefano         104
Instead
                 they prize
               Independence
              and traditional
                  notions
                 of control
                   OVER
             interdependency,
              embeddedness
             And collaboration

11/14/2012         DeStefano     105
They
                     emphasize
                          the
                      outward
                       formal
                  organizational
                     structures
                   and programs
                           ...
                    as if they are
                       proxies
             for effective compliance
11/14/2012            DeStefano         106
The Org Chart




11/14/2012       DeStefano   107
A Code of Conduct




11/14/2012         DeStefano     108
Training Manuals & Programs




11/14/2012    DeStefano          109
In order
                     to find
               the critical gaps,
             the focus should be
                     on the
                   Internal:
                1) How people
                    interact



11/14/2012          DeStefano       110
Informal Cultural
             Communication Norms




11/14/2012          DeStefano      111
It is the
                  hidden norms
               and social networks
                   that impact
                    the choices
                 employees make
                        NOT
                    the public,
                      formal,
                ethics programs,
                codes of conduct,
             and missions statements

11/14/2012            DeStefano        112
Researchers agree that
               formal systems are
                 the weakest link
              in the organization‟s
             ethical infrastructure
                and are typically
                    far eclipsed
                by their informal
                   counterparts

11/14/2012           DeStefano        113
In order
                    to find
               the critical gaps,
             the focus should be
                    on the
                   internal:
                2) How people
                      are
                  motivated

11/14/2012          DeStefano       114
Carrots? Or Sticks?




11/14/2012          DeStefano      115
While it is true
                        that many
                compliance functions are
               “route” or “check-the-box,”
             and malfeasance with these task
                 is easy to uncover and
                      compliance is
                     easy to motivate



11/14/2012                DeStefano            116
When the choice
                  involves
             non-routine tasks
              and deliberation
                 involving
                   morals,
                   ethics,
           personal preferences,
 malfeasance is much harder to control with
              carrots or sticks

11/14/2012         DeStefano              117
Indeed, monetary incentives
                  can take the good
                  out of doing good;
                     and If-then
                   carrots or sticks
               neglect the ingredients
                          of
                 Genuine motivation



11/14/2012              DeStefano          118
External or Internal




11/14/2012           DeStefano      119
In order
                     to find
                the critical gaps,
              the focus should be
                     on the
                    internal:
             2) How people make
                     ethical
                    decisions

11/14/2012           DeStefano       120
How Does Ethics Intersect with
       Compliance and the Law?




11/14/2012        DeStefano           121
Compliance
                   initiatives
                do not account
                 for the reality
                that employees
              do not necessarily
             recognize a dilemma
                      as an
                  ethical one

11/14/2012          DeStefano      122
Many Ethical Dilemmas Result
            from Blind Spots




11/14/2012        DeStefano          123
...
                 Think Pinto
                     ...
             Think The Challenger




11/14/2012          DeStefano       124
Desensitization and Ethical Fading




11/14/2012      DeStefano         125
Preliminary
                   Conclusions:
             1) large, publicly traded
                   Corporations
                    should not
               preemptively comply
              with the government‟s
               unofficial preference
                towards stand alone
             compliance departments

11/14/2012             DeStefano         126
Preliminary
                     Conclusions:
                   2) Instead of focusing
                       on the outward
                     form and structure
                      of an organization
                or formal exemplifications
                        of compliance,
             assessment should look inward,
             at the informal communication,
                      value chains, and
                  culture of the company

11/14/2012               DeStefano            127
Preliminary
                     Conclusions:
             3) Bonus points should be given
                   to those corporations
                 that take an inward look
                  at how work is actually
                         being done
                     and the networks
                    and ethical culture
              that exists beneath and beyond
                       the Org chart,
                  the mission statement,
                 and the code of conduct
11/14/2012                DeStefano            128
Questions?Questions?Questions?
Are lawyers better         Is the culture of the
    able to run           company determined
 compliance than            by the tone at the
   nonlawyers?             top? Or the tone at
                   Should      them middle?
                Compliance
                 be separate
                from Legal?
  Is having a compliance department more
      important today than 5 years ago?
11/14/2012           DeStefano               129
MICHELE DESTEFANO
    FOUNDER, LAWWITHOUTWALLS
 Associate Professor of Law, MiamiLaw
          md@law.miami.edu




11/14/2012       DeStefano          130

Weitere ähnliche Inhalte

Mehr von Michele DeStefano

De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...
De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...
De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...Michele DeStefano
 
LWOW X Compliance & the ERC: Collaboration in Action
LWOW X Compliance & the ERC: Collaboration in ActionLWOW X Compliance & the ERC: Collaboration in Action
LWOW X Compliance & the ERC: Collaboration in ActionMichele DeStefano
 
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...Michele DeStefano
 
The Future Legal Marketplace: Innovation, Extrapreneurship, and a Law Withou...
The Future Legal Marketplace:  Innovation, Extrapreneurship, and a Law Withou...The Future Legal Marketplace:  Innovation, Extrapreneurship, and a Law Withou...
The Future Legal Marketplace: Innovation, Extrapreneurship, and a Law Withou...Michele DeStefano
 
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...Michele DeStefano
 
DeStefano, Alternative Litigation Funders and Claim Holders: A Common Intere...
DeStefano, Alternative Litigation Funders and Claim Holders:  A Common Intere...DeStefano, Alternative Litigation Funders and Claim Holders:  A Common Intere...
DeStefano, Alternative Litigation Funders and Claim Holders: A Common Intere...Michele DeStefano
 
DeStefano, Extrapreneurs, Interdependence, & a Law Without Walls
DeStefano, Extrapreneurs, Interdependence, & a Law Without WallsDeStefano, Extrapreneurs, Interdependence, & a Law Without Walls
DeStefano, Extrapreneurs, Interdependence, & a Law Without WallsMichele DeStefano
 
DeStefano, claim funders and stone soup hls 11 12-12
DeStefano, claim funders and stone soup hls 11 12-12DeStefano, claim funders and stone soup hls 11 12-12
DeStefano, claim funders and stone soup hls 11 12-12Michele DeStefano
 
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...Michele DeStefano
 
Virtual Third Places, Making Room in the Law Market
Virtual Third Places, Making Room in the Law MarketVirtual Third Places, Making Room in the Law Market
Virtual Third Places, Making Room in the Law MarketMichele DeStefano
 

Mehr von Michele DeStefano (10)

De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...
De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...
De stefano, Global Lawyers + Global Law Schools: Entering the Innovation Tour...
 
LWOW X Compliance & the ERC: Collaboration in Action
LWOW X Compliance & the ERC: Collaboration in ActionLWOW X Compliance & the ERC: Collaboration in Action
LWOW X Compliance & the ERC: Collaboration in Action
 
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...
DeStefano, Compliance, Transparency, Visibility: A U.S. Perspective: Cloudy A...
 
The Future Legal Marketplace: Innovation, Extrapreneurship, and a Law Withou...
The Future Legal Marketplace:  Innovation, Extrapreneurship, and a Law Withou...The Future Legal Marketplace:  Innovation, Extrapreneurship, and a Law Withou...
The Future Legal Marketplace: Innovation, Extrapreneurship, and a Law Withou...
 
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...
Enriching Globalization With Low Cost Tech & Social Media: Serving More than ...
 
DeStefano, Alternative Litigation Funders and Claim Holders: A Common Intere...
DeStefano, Alternative Litigation Funders and Claim Holders:  A Common Intere...DeStefano, Alternative Litigation Funders and Claim Holders:  A Common Intere...
DeStefano, Alternative Litigation Funders and Claim Holders: A Common Intere...
 
DeStefano, Extrapreneurs, Interdependence, & a Law Without Walls
DeStefano, Extrapreneurs, Interdependence, & a Law Without WallsDeStefano, Extrapreneurs, Interdependence, & a Law Without Walls
DeStefano, Extrapreneurs, Interdependence, & a Law Without Walls
 
DeStefano, claim funders and stone soup hls 11 12-12
DeStefano, claim funders and stone soup hls 11 12-12DeStefano, claim funders and stone soup hls 11 12-12
DeStefano, claim funders and stone soup hls 11 12-12
 
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...
DeStefano, Lawyers Influencing Nonlawyers: Too Many Cooks in the Kitchen or S...
 
Virtual Third Places, Making Room in the Law Market
Virtual Third Places, Making Room in the Law MarketVirtual Third Places, Making Room in the Law Market
Virtual Third Places, Making Room in the Law Market
 

Beyond Benchmarking, How Should Law and Corporate Compliance Intersect

  • 1. Beyond Benchmarking: How Should Law and Corporate Compliance Intersect? MICHELE DESTEFANO FOUNDER, LAWWITHOUTWALLS Associate Professor of Law, MiamiLaw Program on the Legal Profession 13 November 2012
  • 2. Corporations Around the Globe Are Facing a HUGE challenge 11/14/2012 DeStefano 3
  • 3. Despite the current freeze on legal expenditure corporations are having to invest HEAVILY in compliance ... 11/14/2012 DeStefano 4
  • 4. . . . in managing the legal risk of business 11/14/2012 DeStefano 5
  • 5. Questions?Questions?Questions? Where does legal How Is Compliance end and compliance Managed and by start? Whom? Who Should be Responsible for Compliance? And What about Ethics and Corporate Culture? 11/14/2012 DeStefano 6
  • 6. In large publicly traded corporations, *historically* the compliance department was part of the legal department ... Overseen or even run by the chief legal officer ... 11/14/2012 DeStefano 7
  • 7. In many respects, this is still true today 11/14/2012 DeStefano 8
  • 8. Many corporate practices, and mandates put compliance in the hands of lawyers . . . 11/14/2012 DeStefano 9
  • 9. Practice/Mandates/Guidelines ABA Task Force on 46% of ACCA survey Corporate Responsibility respondents claim recommended that that Compliance was general counsels ultimately overseen oversee compliance (with direct oversight by the GC or the GC by the Board) serves as the CCO MR 1.13 and SOX §307 puts the GC in role of whistle blower/gatekeeper 11/14/2012 DeStefano 10
  • 10. Recently, this has begun to . . . 11/14/2012 DeStefano 11
  • 11. Although the government (e.g., OIG of the SEC and the DHHS) does not *require* that corporations separate the compliance and legal functions ... 11/14/2012 DeStefano 12
  • 12. ... their unofficial stance is that they *should* 11/14/2012 DeStefano 13
  • 13. Indeed, the SEC and the DHHS have forced corporations that have misbehaved to do just that ... 11/14/2012 DeStefano 14
  • 14. To develop distinct Compliance Departments And designate a Chief Compliance Officer *that does NOT report to the GC/CLO* and that has direct access to the Board 11/14/2012 DeStefano 15
  • 15. Consider the following Four examples 11/14/2012 DeStefano 16
  • 16. 2004 – Medicaid Pricing Fraud 11/14/2012 DeStefano 17
  • 17. In its Corporate Integrity Agreement (CIA), Schering-Plough had to pay $293M, establish a hotline, revise corporate conduct code/training and designate a CCO to report directly to the CEO or President *and NOT the GC* with direct access to the Board 11/14/2012 DeStefano 18
  • 18. 2004 – Fraudulent Revenue Projection 11/14/2012 DeStefano 19
  • 19. In settlement, Quest agreed to pay $250M, and create a CCO position that would *report directly* to the CEO with direct access to the Board 11/14/2012 DeStefano 20
  • 20. 2009 – Illegal Promotion of Drug Uses 11/14/2012 DeStefano 21
  • 21. Pfizer paid $2.3 BILLION, plead guilty to a felony criminal violation, and signed a 5-year CIA mandating that it create a hotline, heighten training, And designate a CCO that would not be subordinate to the GC/CLO and would have direct access to the Board 11/14/2012 DeStefano 22
  • 22. 2010 – Insider Trading Investigation 11/14/2012 DeStefano 23
  • 23. To appease, the SEC created a “real” and singular compliance department with oversight by one designated CCO 11/14/2012 DeStefano 24
  • 24. In Sum, the reaction by the DDHS and SEC has been to 11/14/2012 DeStefano 25
  • 25. To emphasize the structure, management, policies, and programs around compliance 11/14/2012 DeStefano 26
  • 26. To demand that malfeasant corporations separate compliance from the legal department, 11/14/2012 DeStefano 27
  • 27. Designate a CCO that is not also the GC and does not report to the GC 11/14/2012 DeStefano 28
  • 28. And that has direct access to the Board Of Directors 11/14/2012 DeStefano 29
  • 29. This Reaction is Consistent with Recent Laws and Recommendations SECs Compliance Federal Sentencing Rule 2004 requiring Guidelines defining each SEC registered what is an effective investment compliance program company/advisor to and providing extra designate a CCO to credit for corporations oversee compliance that designate separate and report directly to CCOs with direct the Board reporting to the board Guidelines by Professional Associations (OIG/ILA) recommending the same 11/14/2012 DeStefano 30
  • 30. And more and more corporations seem to be following suit 11/14/2012 DeStefano 31
  • 31. Over the past few years, in the wake of corporate scandals that span industries e.g., pharma, insurance, financial services, health care, consumer products, 11/14/2012 DeStefano 32
  • 32. There appears to be an emerging trend 11/14/2012 DeStefano 33
  • 33. to separate the compliance function from the legal department and create new distinct compliance departments 11/14/2012 DeStefano 34
  • 34. compliance departments largely led and comprised of non-lawyers and non-practicing lawyers that report directly to the CEO and have direct access to the board 11/14/2012 DeStefano 35
  • 35. Why and Should This Be So? Why Have Organizations Adopted this new stance on the organizational structure of compliance? AND Is this Best Practice? 11/14/2012 DeStefano 36
  • 36. Questions?Questions?Questions? Do Inhouse Lawyers - when they work in the legal department - somehow impair ethics and compliance? 11/14/2012 DeStefano 37
  • 37. Questions?Questions?Questions? Are lawyers – acting as lawyers – less able to prevent, uncover, and stop malfeasance? 11/14/2012 DeStefano 38
  • 38. Questions?Questions?Questions? Does taking compliance out of the hands of practicing lawyers create the type of change that is needed to ensure a culture of compliance? Or are these new compliance departments just a formal solution to appease? 11/14/2012 DeStefano 39
  • 39. “ A number of the early mover companies that created compliance departments did so as part of resolving a major mishap or high profile problem -- so it was not necessarily a best practice. But after a number of major companies have done it over the years, it starts to look like a best practice. Once in that position, it becomes hard for a major corporation to explain why they don't need a compliance department.” (FGC-2) 11/14/2012 DeStefano 40
  • 40. Purpose: Explore 3 Questions (i) What is “compliance”? (ii) How is it managed, where is it currently housed in large, publicly traded corporations and why (iii) Who Should Oversee Compliance: What are the risks and benefits of having a distinct compliance function run by non- lawyers (or non-practicing lawyers) that report to the CEO/Board? 11/14/2012 DeStefano 41
  • 41. Research Methodology Stage 1 • 2007 - completed before meltdown • 40 brief interviews (avg. 8 min) with General Counsels of S&P 500 corps in banking, pharmaceutical, & petroleum 11/14/2012 DeStefano 42
  • 42. Research Methodology Stage 2 • 2010-present • 30-40 in-depth interviews (avg 60 min) with General Counsels and Chief Compliance Officers of large, publicly traded corporations • 6 industries: Pharmaceutical, Energy, Healthcare, Consumer Products, Financial Services, and Misc 11/14/2012 DeStefano 43
  • 43. Research Methodology Stage 2 Goals: 1. 30-40 interviews comprising of 2 to 3 companies per industry 2. 1 ex-GC in each industry 3. 1 lower level compliance manager in each industry 4. 1 to 2 nonpublic companies (GC and CCO) 5. 1 senior manager that works or used to work in compliance at the SEC, OIG 6. 1 to 2 compliance consultants/activists 11/14/2012 DeStefano 44
  • 44. Caveats 1. Sample size is very very low 2. Still in the process of coding some interviews 3. This study is not comprised of a random sample and is based on self-reports by senior executives which arguably have certain stories to tell 11/14/2012 DeStefano 45
  • 45. Key Findings to Date: Stage 2 Who Oversees Compliance? • GCs had ultimate responsibility for the compliance function for the majority of corporations interviewed – But the Compliance Department is considered distinct from the Legal Department – And the CCO has a dotted line to Board 11/14/2012 DeStefano 46
  • 46. Key Findings to Date: Stage 2 Who Oversees Compliance? • Where GC/CLO did not have ultimate oversight, generally compliance was overseen by a former in-house lawyer, often the deputy general counsel, that reports to the CEO with access to the board 11/14/2012 DeStefano 47
  • 47. Key Findings to Date: Stage 2 Who Oversees Compliance? • Compliance Departments are made up of a lot of lawyers 11/14/2012 DeStefano 48
  • 48. Key Findings To Date: Role of the CCO vs the GC? 11/14/2012 DeStefano 49
  • 49. Problem often faced by the CCO is the giving of legal advice ... Hard not to do given the nature and scope of the job and that often the CCO was trained as a lawyer 11/14/2012 DeStefano 50
  • 50. Role of the CCO vs the GC? Consensus Similarity Legal and Compliance Departments rely on legal expertise and have a shared goal to increase compliance with the law 11/14/2012 DeStefano 51
  • 51. Role of the CCO vs the GC? Consensus Distinction The CCO focuses on 1) building policies and procedures; 2) monitoring adherence; 3) training and educating employees on specific regulatory obligations; and, 4) testing employees on adherence. 11/14/2012 DeStefano 52
  • 52. Role of the CCO vs the GC? Claimed Distinction 1 Compliance Officers (vs. GC) care about preventing misconduct, neutral fact finding, acting in the interest of stakeholders, uncovering misconduct, ethics, and culture 53
  • 53. Role of the CCO vs the GC? Claimed Distinction 2 Compliance Officers have different reporting obligations, aren‟t acting as lawyers, and can‟t garner attorney-client privilege protection 54
  • 54. Role of the CCO vs the GC? Claimed Distinction 3 Compliance requires management know-how in training, HR matters, communications, auditing, and internal controls , While legal work Requires training in the law 55
  • 55. Role of the CCO vs the GC? Claimed Distinction 4 Lawyers tell you what the law says and are concerned with legal liability and vigorously defending the corporation at all costs 56
  • 56. Role of the CCO vs the GC? Claimed Distinction 5 The lawyers tell you whether you can do something, and compliance tells you whether you should 57
  • 57. Role of the CCO vs the GC? Typical Quote “The General Counsel‟s job is . . . to advise [the company and senior managers] of the legal risks but not initiate the conversation over what is the right thing to do – the General Counsel‟s job is more black and white.” 58
  • 58. But these distinctions appear to be a bit artificial 11/14/2012 DeStefano 59
  • 59. If you have a broad view of the role of the GC; If you believe (as many do) that the GC has or should have some gatekeeping responsibilities 11/14/2012 DeStefano 60
  • 60. If you think The GC should play the role of counselor in charge of corporate culture and ethics and the corporate conscience ... 11/14/2012 DeStefano 61
  • 61. Then these distinctions are a bit artificial 11/14/2012 DeStefano 62
  • 62. Many GC interviewees saw these distinctions in reverse 11/14/2012 DeStefano 63
  • 63. They claimed that the GC (as opposed to the CCO) is in charge of the ethics and corporate culture and that the CCOs can sometimes be seen as just . . . 11/14/2012 DeStefano 64
  • 64. Traffic Cops 11/14/2012 DeStefano 65
  • 65. So Perhaps it is the philosophy of the role that matters more than the titles and segmentations 11/14/2012 DeStefano 66
  • 66. A Typology of Roles: Not All CCOs are Alike 11/14/2012 DeStefano 67
  • 67. Automatan 11/14/2012 DeStefano 68
  • 68. Investigator 11/14/2012 DeStefano 69
  • 69. Mark Wahlberg: The Departed 11/14/2012 DeStefano 70
  • 70. Spy 11/14/2012 DeStefano 71
  • 71. Counselor 11/14/2012 DeStefano 72
  • 72. Counselor “I like to play the business card game with my CEO. Whenever there is a tough conversation around ethics and compliance and the law, I ask my CEO to take out his business card. I point out, as we look at the cards, that his card says „president, CEO, and chairman.” My card says „VP, GC, and counsel.” I explain that want to concentrate on the counsel part. My card gives me the right to counsel you and you can disregard it. But I get to say I told you so . . .” 11/14/2012 DeStefano 73
  • 75. Scarecrow 11/14/2012 DeStefano 76
  • 76. Which Way Do We Go? 11/14/2012 DeStefano 77
  • 77. “Throughout the organization, we don‟t have someone named as a compliance officer – meaning that, if one person is in charge of compliance, nobody else has to worry about it.” (GC large petroleum company) 11/14/2012 DeStefano 78
  • 78. Given that there are so many different archetypes, perhaps the right Question is: 11/14/2012 DeStefano 79
  • 79. What are the risks and benefits of having the two Segregated departments? 11/14/2012 DeStefano 80
  • 80. Does segregation, in and of itself create specific negative repercussions or positive consequences? 11/14/2012 DeStefano 81
  • 81. Risks if Combined: Conflict of Interest 11/14/2012 DeStefano 82
  • 82. Risks if Combined: Shield of Secrecy 11/14/2012 DeStefano 83
  • 83. Risks if Separate: Turf Wars 11/14/2012 DeStefano 84
  • 84. Risks if Separate: Inefficiencies 11/14/2012 DeStefano 85
  • 85. Risks if Separate: Communication Issues & Loss of Shared Learnings 11/14/2012 DeStefano 86
  • 86. Unidentified Risks if Separate: Revival of the Legal Technician 11/14/2012 DeStefano 87
  • 87. Unidentified Risks if Separate: Decrease in Gatekeeping & Counselor Role 11/14/2012 DeStefano 88
  • 88. Unidentified Risks if Separate: Increase in Information Protected by the Attorney-Client Privilege 11/14/2012 DeStefano 89
  • 89. Unidentified Risks if Separate: Terminator CCOs 11/14/2012 DeStefano 90
  • 90. Unidentified Risks if Separate: Increase in the UPL 11/14/2012 DeStefano 91
  • 91. Unidentified Risks if Separate: Increase in the UPL “There is no such thing as a non-practicing lawyer – purely practical – if you are a lawyer you are a lawyer doesn‟t matter if licensed to practice law or not – people look at you as a lawyer and rely on you as it to dispense legal advice despite of title . . and therefore in my view I‟m a GC of company if one my lawyers screws up – I‟m responsible - - I can‟t say that‟s lawyer in compliance and I get by . . I think its functionally wrong . . but reasonable people can differ” 11/14/2012 DeStefano 92
  • 92. Unidentified Risks if Separate: Rise of the Law Consultant not bound by the MRPC 11/14/2012 DeStefano 93
  • 93. Unidentified Risks if Separate: Just Another Risk to be Managed 11/14/2012 DeStefano 94
  • 94. Unidentified Risks if Separate: Increase in Strict Liability? 11/14/2012 DeStefano 95
  • 95. Unidentified Risks if Separate: Just a Copy-Cat Move 11/14/2012 DeStefano 96
  • 96. But the only way to determine who should oversee compliance and whether the departments should be segregated, is to agree on what are the objectives ... 11/14/2012 DeStefano 97
  • 97. Are the objectives to increase the corporation‟s Compliance with the rule of law? 11/14/2012 DeStefano 98
  • 98. Are the objectives to increase the corporation‟s normative commitment to compliance? i.e., to establish a culture of compliance? 11/14/2012 DeStefano 99
  • 99. Or are the objectives to enhance the expectations society has of lawyers and their role as gatekeepers, counselors, keepers of the corporate conscience? 11/14/2012 DeStefano 100
  • 100. Arguably, the current trend/mandate applauds form over function and fails to deliver 11/14/2012 DeStefano 101
  • 101. Although it is true that the SEC has claimed it will assess whether a company has a “culture of compliance” 11/14/2012 DeStefano 102
  • 102. Recent Mandates by the government including the SEC do not appear to to be doing so. They do NOT even consider 11/14/2012 DeStefano 103
  • 103. The Importance of Collaboration to Effective Compliance & Culture 11/14/2012 DeStefano 104
  • 104. Instead they prize Independence and traditional notions of control OVER interdependency, embeddedness And collaboration 11/14/2012 DeStefano 105
  • 105. They emphasize the outward formal organizational structures and programs ... as if they are proxies for effective compliance 11/14/2012 DeStefano 106
  • 106. The Org Chart 11/14/2012 DeStefano 107
  • 107. A Code of Conduct 11/14/2012 DeStefano 108
  • 108. Training Manuals & Programs 11/14/2012 DeStefano 109
  • 109. In order to find the critical gaps, the focus should be on the Internal: 1) How people interact 11/14/2012 DeStefano 110
  • 110. Informal Cultural Communication Norms 11/14/2012 DeStefano 111
  • 111. It is the hidden norms and social networks that impact the choices employees make NOT the public, formal, ethics programs, codes of conduct, and missions statements 11/14/2012 DeStefano 112
  • 112. Researchers agree that formal systems are the weakest link in the organization‟s ethical infrastructure and are typically far eclipsed by their informal counterparts 11/14/2012 DeStefano 113
  • 113. In order to find the critical gaps, the focus should be on the internal: 2) How people are motivated 11/14/2012 DeStefano 114
  • 115. While it is true that many compliance functions are “route” or “check-the-box,” and malfeasance with these task is easy to uncover and compliance is easy to motivate 11/14/2012 DeStefano 116
  • 116. When the choice involves non-routine tasks and deliberation involving morals, ethics, personal preferences, malfeasance is much harder to control with carrots or sticks 11/14/2012 DeStefano 117
  • 117. Indeed, monetary incentives can take the good out of doing good; and If-then carrots or sticks neglect the ingredients of Genuine motivation 11/14/2012 DeStefano 118
  • 119. In order to find the critical gaps, the focus should be on the internal: 2) How people make ethical decisions 11/14/2012 DeStefano 120
  • 120. How Does Ethics Intersect with Compliance and the Law? 11/14/2012 DeStefano 121
  • 121. Compliance initiatives do not account for the reality that employees do not necessarily recognize a dilemma as an ethical one 11/14/2012 DeStefano 122
  • 122. Many Ethical Dilemmas Result from Blind Spots 11/14/2012 DeStefano 123
  • 123. ... Think Pinto ... Think The Challenger 11/14/2012 DeStefano 124
  • 124. Desensitization and Ethical Fading 11/14/2012 DeStefano 125
  • 125. Preliminary Conclusions: 1) large, publicly traded Corporations should not preemptively comply with the government‟s unofficial preference towards stand alone compliance departments 11/14/2012 DeStefano 126
  • 126. Preliminary Conclusions: 2) Instead of focusing on the outward form and structure of an organization or formal exemplifications of compliance, assessment should look inward, at the informal communication, value chains, and culture of the company 11/14/2012 DeStefano 127
  • 127. Preliminary Conclusions: 3) Bonus points should be given to those corporations that take an inward look at how work is actually being done and the networks and ethical culture that exists beneath and beyond the Org chart, the mission statement, and the code of conduct 11/14/2012 DeStefano 128
  • 128. Questions?Questions?Questions? Are lawyers better Is the culture of the able to run company determined compliance than by the tone at the nonlawyers? top? Or the tone at Should them middle? Compliance be separate from Legal? Is having a compliance department more important today than 5 years ago? 11/14/2012 DeStefano 129
  • 129. MICHELE DESTEFANO FOUNDER, LAWWITHOUTWALLS Associate Professor of Law, MiamiLaw md@law.miami.edu 11/14/2012 DeStefano 130